Internet Protocol version 6 (IPv6), sometimes referred to as the Next Generation Internet Protocol, is a new IP protocol intended to replace the current Internet Protocol version 4 (IPv4). At present, the Internet mostly uses IPv4. However, as use of the Internet continues to expand, IPv4 encounters significant problems, for example, address exhaustion. IPv6 was proposed to overcome the problems and disadvantages of IPv4. IPv6 also improves on IPv4 in many aspects, for example, routing and automatic configuration. Therefore, IPv6 will gradually replace IPv4.
A cryptographically generated address (CGA) is a special IPv6 address in which the interface identifier part is generated by applying a one-way cryptographic hash algorithm to a public key in combination with auxiliary information. When a CGA is used, the receiving party re-calculates the hash value and compares it with the interface identifier part of the sending party's address, so as to verify the binding between the public key and the address of the sending party. To protect a network message, the public key and the auxiliary information are attached to the message, and the message is signed using the corresponding private key. In the CGA solution, authentication of the address is achieved at the IP layer without an authoritative certificate system or other security architecture, so the CGA solution is a simple and highly efficient security solution. The definition of the CGA does not designate a source for the public key/private key pair: the pair may be assigned by an authoritative certificate system, calculated by the client, or generated by other sources.
During the implementation of the present disclosure, the inventors have found that the conventional art has at least the following problems.
In the conventional art, the CGA is generated by the client on the assumption that the generation does not need any network information. Because the generation lacks network-level information, the generated CGA may not satisfy the requirements of the network configuration. Further, generating a CGA consumes a large amount of computation, while the computing capability of the client is usually rather limited. In particular, a mobile client or a low-end sensor cannot spare many computing resources, so generating the CGA lowers the performance of the client. This is especially so when a mobile client is frequently handed over between access networks and needs to change its network address frequently, because the burden of generating the CGA is then greatly increased.
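The hash binding checked by the receiving party and the client-side generation cost described above can be seen in the following added example, which is not part of the original text. It follows the hash layout of RFC 3972 (SHA-1, 16-byte modifier, collision count, 3-bit Sec value); the prefix and the public key bytes are constructed placeholders, and the signature check on the message is not included.

```python
import hashlib
import ipaddress

# Hash1 bits compared with the interface identifier: everything except
# the 3 Sec bits (bits 0-2) and the u/g bits (bits 6-7), as in RFC 3972.
MASK = 0x1CFFFFFFFFFFFFFF
PREFIX = bytes.fromhex("20010db800000000")        # constructed: 2001:db8::/64
PUBKEY = b"constructed-public-key-bytes-not-DER"  # constructed stand-in for the key

def hash2_ok(modifier, pubkey, sec):
    """True if the leftmost 16*sec bits of Hash2 are zero."""
    digest = hashlib.sha1(modifier + bytes(9) + pubkey).digest()
    return digest[:2 * sec] == bytes(2 * sec)

def hash1(modifier, prefix, coll, pubkey):
    """Leftmost 64 bits of SHA-1 over the auxiliary parameters and key."""
    data = modifier + prefix + bytes([coll]) + pubkey
    return int.from_bytes(hashlib.sha1(data).digest()[:8], "big")

def generate(prefix, pubkey, sec, start=0):
    """Sender side: brute-force a modifier (the costly step), build the address."""
    m = start
    while not hash2_ok(m.to_bytes(16, "big"), pubkey, sec):
        m = (m + 1) % (1 << 128)
    modifier = m.to_bytes(16, "big")
    iid = (hash1(modifier, prefix, 0, pubkey) & MASK) | (sec << 61)
    return ipaddress.IPv6Address(prefix + iid.to_bytes(8, "big")), modifier, 0

def verify(addr, modifier, coll, pubkey):
    """Receiver side: recompute both hashes and compare with the address."""
    if coll not in (0, 1, 2) or len(modifier) != 16:
        return False
    prefix, iid = addr.packed[:8], int.from_bytes(addr.packed[8:], "big")
    if (hash1(modifier, prefix, coll, pubkey) & MASK) != (iid & MASK):
        return False
    return hash2_ok(modifier, pubkey, iid >> 61)

if __name__ == "__main__":
    addr, modifier, coll = generate(PREFIX, PUBKEY, sec=1)  # ~2**16 SHA-1 calls
    print(addr, verify(addr, modifier, coll, PUBKEY))
```

Each increment of the Sec value multiplies the expected number of hash computations in generate() by 2**16, while verify() always costs two hashes, which is why the generation burden falls on the client rather than on the receiving party.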